Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
CVE-2024-8755

8.4HIGH

Key Information:

Vendor: Progress
Status: Loadmaster
Vendor: CVE Published:; 11 October 2024

Summary

An improper input validation vulnerability exists in Progress LoadMaster, which allows authenticated users to execute OS commands through input manipulation. This flaw can impact the integrity of the device and may lead to unauthorized access to system commands, giving a potential attacker the ability to control the affected system. The vulnerability affects multiple versions of LoadMaster, including versions ranging from 7.2.48.12 to 7.2.60.1, as well as other associated products.

Affected Version(s)

LoadMaster 0 < 7.2.61.0

References

https://support.kemptechnologies.com/hc/en-us/articles/30...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Sep 12, 2024

Credit

Huydoppa from giaohangtietkiem.vn